Over the Internet, a service provider may provide a World-Wide Web site that is physically partitioned among a plurality of servers. Many servers charge users a subscription fee to access these sites, and users then provide a user name and password. However, when the information sources are spread over different machines, there is no easy way to detect that two different users are accessing the service simultaneously with the same user name and password. Authentication services need to be provided that operate efficiently in a distributed environment and that not only admit valid users but also reject simultaneous duplicate users.
The prior art that exists today consists of proprietary services provided by private and public companies on the Internet, such as TEN (Total Entertainment Network) and Blizzard Entertainment. Blizzard Entertainment provides an Internet lobby server called battle.net, which is a free service to all users that have a CD of the Diablo game. It therefore authenticates users by detecting the presence of a file on the local machine. Diablo users can use this service to create a multi-user game over the Internet or to locate and join an existing game. The service is free since users have already purchased the game as compensation. However, this process is easily compromised, since the CD can be copied and multiple users can then access the service without paying for the game. The overall goal is to provide a central lobby in which users can open a game for others to see and join.
The Kerberos system, used by systems such as the Andrew File System (AFS) and MIT Project Athena, provides authentication services to access a set of distributed servers. The user presents credentials to a central server which provides access to any number of other servers. Again, no method is offered to detect duplicate users simultaneously accessing the system.
This disclosure provides a method to authenticate users and to limit the use of compromised passwords, in order to provide a commercially viable service.